Paper 2017/003

The STROBE protocol framework

Mike Hamburg


The “Internet of Things” (IoT) promises ubiquitous, cheap, connected devices. Unfortunately, most of these devices are hastily developed and will never receive code updates. Part of the IoT’s security problem is cryptographic, but established cryptographic solutions seem too heavy or too inflexible to adapt to new use cases. Here we describe Strobe, a new lightweight framework for building both cryptographic primitives and network protocols. Strobe is a sponge construction in the same family as Markku Saarinen’s BLINKER framework. The Strobe framework is simple and extensible. It is suitable for use as a hash, authenticated cipher, pseudorandom generator, and as the symmetric component of a network protocol engine. With an elliptic curve or other group primitive, it also provides a flexible Schnorr signature variant. Strobe can be instantiated with different sponge functions for different purposes. We show how to instantiate Strobe as an instance of NIST’s draft cSHAKE algorithm. We also show a lightweight implementation which is especially suitable for 16- and 32- bit microcontrollers, and also for small but high-speed hardware.

Note: Correct some unclear sections and a missing citation; thanks David Wong. Revise initialization of STROBE to reflect final revision of NIST SP 800-185 (cSHAKE).

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Real World Crypto 2017
protocol frameworkhashingauthenticated encryptionspongeduplexrandom oracleBLINKER
Contact author(s)
mike @ shiftleft org
2019-11-14: last of 2 revisions
2017-01-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mike Hamburg},
      title = {The STROBE protocol framework},
      howpublished = {Cryptology ePrint Archive, Paper 2017/003},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.